Re: [PATCH] pgpassfile connection option

Fabien COELHO <coelho@cri.ensmp.fr>

From: Fabien COELHO <coelho@cri.ensmp.fr>
To: Julian Markwort <julian.markwort@uni-muenster.de>
Cc: PostgreSQL Developers <pgsql-hackers@postgresql.org>
Date: 2016-11-01T14:14:29Z
Lists: pgsql-hackers
Hello Julian,

> Alright, here goes another one:

Patch v3 applies, make check ok, feature tested on Linux, one small issue 
found, see below.

> 1. Cleaned up the clutter with getPgPassFilename - the function is now named 
> fillDefaultPGPassFile() and only does exactly that.

Ok.

> 2. Since a connection option "pgpassfile" or environment variable 
> "PGPASSFILE" are picked up in conninfo_add_defaults() or in case a password 
> was needed, but neither a pgpassfile connection option or environment 
> variable were set, we'd have filled the conn->pgpassfile field with the 
> "default" ~/.pgpass stuff.

Ok.

> Thus, when returning with an error, if conn->pgpassfile was set and a 
> password was necessary, we must have tried that pgpassfile, so i got rid of 
> the field "dot_pgpass_used"

No, you should not have done that, because it changes a feature which was 
to warn *only* when the password was coming from file.

> in the pg_conn struct and the pgpassfile string is always used in the 
> error message.

  sh> touch dot_pass_empty
  sh> LD_LIBRARY_PATH=./src/interfaces/libpq \
     psql "dbname=test host=localhost user=test pgpassfile=./dot_pass_empty"
  Password: BAD_PASSWORD_TYPED
  psql: FATAL:  password authentication failed for user "test"
  password retrieved from file "./dot_pass_empty"

The warning is wrong, the password was typed directly, not retrieved from 
a file. The "dot_pgpass_used" boolean is still required to avoid that.

> 3. Going on, I renamed "dot_pg_pass_warning()" to "PGPassFileWarning()"

This makes sense, its name is not necessarily ".pgpass".

-- 
Fabien.


Commits

  1. Allow password file name to be specified as a libpq connection parameter.